California Privacy Policy
PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
This California Privacy Policy describes how Care West Insurance Company [and its subsidiaries, affiliates, and related entities, as applicable] (“Care West,” “Company,” “we,” “us,” or “our”) collect, use, disclose, retain, sell, and share personal information about consumers who reside in California. The California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), requires us to provide California consumers with a privacy policy describing our online and offline practices regarding our collection, use, disclosure, sale, sharing, and retention of personal information, along with a description of California privacy rights. Any terms defined in the CCPA have the same meaning when used in this Privacy Policy.
This Privacy Policy applies to personal information we collect in connection with our workers’ compensation and other insurance offerings, including personal information relating to policyholders, insured employers, workers’ compensation claimants, employees of insured employers, brokers, agents, website visitors, portal users, payors, medical providers, and other individuals whose personal information we collect or process in connection with our products, services, websites, portals, claims processes, underwriting, billing, risk management, training, regulatory obligations, and related business operations.
This Privacy Policy does not apply to personal information that is exempt from or otherwise outside the scope of the CCPA, including, where applicable, personal information subject to the Gramm-Leach-Bliley Act (“GLBA”), the California Financial Information Privacy Act (“FIPA”), the Fair Credit Reporting Act (“FCRA”), the Driver’s Privacy Protection Act, or other sector-specific privacy laws. To the extent a category of personal information is exempt from the CCPA, our inclusion of that category in this Privacy Policy is not an admission that the information is subject to the CCPA; rather, it is intended to provide consumers with a practical description of our privacy practices.
This Privacy Policy does not apply to personal information we collect and use about our employees, job applicants, contractors, interns, or other workers in an employment-related capacity.
PERSONAL INFORMATION COLLECTED
We collect and use information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). Personal information does not include publicly available information, lawfully obtained truthful information that is a matter of public concern, deidentified or aggregated consumer information, or information excluded from the CCPA’s scope.
PERSONAL INFORMATION CATEGORIES CHART
The chart below identifies the categories of personal information we have collected from consumers within the last 12 months and our expected retention practices. Retention periods vary depending on the nature of the information, the purpose for which it was collected, the consumer’s relationship with us, insurance regulatory requirements, claims handling obligations, litigation holds, and other legal or operational requirements.
| Category | Examples | Collected | Retention Period |
| A. Identifiers | Name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or similar identifiers. | Yes | Retained as reasonably necessary to administer policies, process claims, maintain accounts, comply with legal and regulatory obligations, resolve disputes, enforce agreements, conduct audits, and satisfy records retention policies. |
| B. California Customer Records | Name, signature, Social Security number, physical characteristics or description, address, telephone number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, other financial information, medical information, or health insurance information. | Yes | Retained as reasonably necessary to administer policies, process claims and payments, complete transactions, satisfy insurance, accounting, tax, audit, legal, and regulatory obligations, and comply with records retention policies. |
| C. Protected Classes | Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions, sexual orientation, reproductive health decision-making, military and veteran status, or genetic information. | Yes | Retained as reasonably necessary for underwriting, claims administration, regulatory compliance, anti-fraud purposes, legal obligations, and records retention requirements, and only where relevant or required or permitted by law. |
| D. Commercial information | Products or services purchased, obtained, or considered; workers’ compensation insurance policies; premium information; payment history; policy history; coverage information; claims history; or other purchasing or consuming histories or tendencies. | Yes | Retained as reasonably necessary for policy administration, billing, audits, claims administration, regulatory compliance, and records retention obligations. |
| E. Biometric information | Physiological, behavioral, or biological characteristics used to extract a template or other identifier, such as fingerprints, faceprints, voiceprints, iris or retina scans, or gait patterns. | No | Not applicable, unless collected in the future following appropriate notice. |
| F. Internet or other similar network activity | Browsing history, search history, website or portal usage, interactions with websites, portals, applications, emails, advertisements, cookies, pixels, analytics technologies, or other digital systems. | Yes | Retained as reasonably necessary for website operations, security, analytics, troubleshooting, fraud prevention, marketing measurement, and records retention policies. |
| G. Geolocation data | Physical location or movements, including general location inferred from IP address or device data. | Yes | Retained as reasonably necessary for security, fraud prevention, website analytics, claims or policy administration, and records retention policies. |
| H. Sensory data | Audio, electronic, visual, or similar information, including recorded calls, electronic communications, photographs, videos, claim-related images, or other visual evidence. | Yes | Retained as reasonably necessary for customer service, claims administration, quality assurance, fraud prevention, legal compliance, dispute resolution, and records retention policies. |
| I. Professional or employment-related information | Current or past job history, employer, occupation, job duties, payroll information, wage information, work status, workplace incident information, or information relevant to workers’ compensation coverage, premium audits, underwriting, or claims. | Yes | Retained as reasonably necessary for underwriting, policy administration, premium audits, claims administration, legal compliance, and records retention policies. |
| J. Non-public education information | Education records directly related to a student and maintained by an educational institution or party acting on its behalf. | No | Not applicable, unless collected in the future following appropriate notice. |
| K. Inferences drawn from other personal information | Profiles or inferences reflecting preferences, characteristics, predispositions, behavior, attitudes, abilities, aptitudes, risk characteristics, insurance risk assessments, claim trends, or underwriting-related analyses. | Yes | Retained as reasonably necessary for underwriting, risk management, actuarial analysis, claims administration, fraud prevention, product improvement, and records retention policies. |
| L. Sensitive personal information | Further identified in the chart below. | Yes | Retained as reasonably necessary for the permitted purposes described below, including policy administration, claims administration, fraud prevention, security, legal compliance, and records retention policies. |
SENSITIVE PERSONAL INFORMATION CATEGORIES CHART
Sensitive personal information is a subtype of personal information consisting of the specific information categories listed in the chart below. Importantly, the CCPA only treats this information as sensitive personal information when we collect or use it to infer characteristics about a consumer.
The chart below identifies which sensitive personal information categories, if any, we have collected from consumers to infer characteristics about them in the last 12 months.
| Sensitive Personal Information Category | Collected to Infer Characteristics? |
| L.1. Government identifiers, such as Social Security number, driver’s license, state identification card, or passport number. | No |
| L.2. Complete account access credentials, such as usernames, account logins, account numbers, or card numbers combined with required access/security code or password. | No |
| L.3. Precise geolocation. | No |
| L.4. Racial or ethnic origin. | No |
| L.5. Citizenship or immigration status. | No |
| L.6. Religious or philosophical beliefs. | No |
| L.7. Union membership. | No |
| L.8. Mail, email, or text messages not directed to Care West. | No |
| L.9. Genetic data. | No |
| L.10. Neural data. | No |
| L.11. Unique identifying biometric information. | No |
| L.12. Health information. | No |
| L.13. Sex life or sexual orientation information. | No |
| L.14. Children’s personal information under age 16. | No |
SOURCES OF PERSONAL INFORMATION
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you, including through applications, claim forms, payment submissions, portal registrations, communications, requests, forms, email, telephone calls, website interactions, or other information you provide to us.
- From insured employers, policyholders, or their representatives, including payroll, employment, job duty, workplace incident, injury, claim, audit, and policy-related information.
- From insurance agents, brokers, producers, and other insurance intermediaries.
- From claims administrators, adjusters, investigators, medical providers, medical case managers, independent medical examiners, pharmacies, vocational rehabilitation providers, litigation counsel, and other persons or entities involved in workers’ compensation claims.
- From service providers and contractors, including website hosting providers, portal vendors, payment processors, IT and cybersecurity providers, data analytics providers, training platform vendors, document management providers, mailing vendors, customer support providers, premium audit firms, and other vendors that support our business.
- From government agencies, regulators, courts, law enforcement, public records, sanctions lists, anti-fraud databases, insurance advisory organizations, rating bureaus, and similar sources.
- From consumer reporting agencies, inspection services, insurance support organizations, other insurers, reinsurers, and third-party databases, where permitted by law.
- From our websites, portals, applications, cookies, pixels, analytics technologies, email tools, and other digital systems.
- From inferences generated by Care West or our service providers based on information we collect or receive.
HOW WE USE PERSONAL INFORMATION
PERSONAL INFORMATION COLLECTION, USE, AND DISCLOSURE PURPOSES
We may use and disclose personal information, including sensitive personal information where permitted by law, to advance our business and commercial purposes, specifically to:
- Develop, offer, underwrite, price, issue, administer, renew, service, audit, and manage workers’ compensation insurance policies.
- Determine eligibility for coverage, evaluate applications, obtain or provide quotes, calculate premiums, administer classifications, conduct premium audits, and support insurance rating and underwriting functions.
- Investigate, evaluate, process, manage, defend, settle, pay, or otherwise administer workers’ compensation claims, including medical management, claim investigation, subrogation, litigation management, fraud detection, and communications with claimants, insureds, employers, providers, and other claim participants.
- Process premium payments, refunds, claim payments, reimbursements, and other financial transactions.
- Create, maintain, customize, secure, and service accounts, portals, policy records, claims files, payment records, and related systems.
- Provide customer service, broker support, technical support, policyholder support, claims support, risk management services, workplace safety services, online training, and other services requested by or made available to insureds, brokers, claimants, or other consumers.
- Fulfill the purposes for which the personal information was provided or that were described at or before the point of collection.
- Administer our websites, portals, applications, systems, and internal operations, including troubleshooting, debugging, data analysis, testing, research, auditing, reporting, system security, and operational improvement.
- Conduct data analytics, actuarial analysis, benchmarking, risk modeling, underwriting analysis, claim trend analysis, fraud analytics, and product or service improvement.
- Protect Care West, our policyholders, insureds, employees, systems, assets, operations, claims processes, and business partners.
- Detect, prevent, investigate, report, and respond to fraud, security incidents, unlawful conduct, regulatory violations, suspicious claims activity, and other malicious, deceptive, fraudulent, or illegal activity.
- Comply with insurance, privacy, tax, accounting, employment, workers’ compensation, regulatory, litigation, subpoena, court order, law enforcement, reporting, audit, and other legal obligations.
- Exercise or defend the legal rights of Care West, our affiliates, insureds, policyholders, employees, service providers, contractors, agents, brokers, claimants, and other persons or entities.
- Engage in corporate transactions requiring review or transfer of consumer records, such as mergers, acquisitions, divestitures, restructurings, reorganizations, insolvency proceedings, or sale or transfer of assets.
- Improve our products, services, websites, portals, training, risk management offerings, broker relationships, policyholder relationships, and consumer experiences.
- Measure or understand the effectiveness of communications, website functionality, digital content, and advertising or marketing activities.
- Otherwise use personal information as permitted or required by applicable law.
SENSITIVE PERSONAL INFORMATION USE AND DISCLOSURE PURPOSES
We may use or disclose sensitive personal information for the following statutorily approved reasons (“Permitted SPI Purposes”):
- Performing actions that are necessary for our consumer relationship and that an average consumer in a relationship with us would reasonably expect, including administering insurance policies, processing payments, servicing accounts, and handling claims.
- Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information.
- Defending against and prosecuting malicious, deceptive, fraudulent, or illegal actions directed at Care West, our insureds, policyholders, claimants, systems, or operations.
- Ensuring physical safety.
- Short-term, transient use, such as non-personalized advertising shown as part of a current interaction with us, provided we do not disclose sensitive personal information to another third party or use it to build a profile or otherwise alter a consumer’s experience outside the current interaction.
- Performing services for Care West, including maintaining or servicing accounts, processing transactions, verifying consumer information, processing payments, providing financing, analytics, storage, security, claims administration, policy administration, or similar services.
- Activities required to verify or maintain the quality or safety of a service, system, portal, website, or device that we own, control, or use, or to improve, upgrade, or enhance such service, system, portal, website, or device.
- Collecting or processing sensitive personal information where we do not use it for the purpose of inferring characteristics about a consumer.
We do not use or disclose sensitive personal information for purposes other than the Permitted SPI Purposes. Accordingly, we do not currently provide a right to limit the use or disclosure of sensitive personal information.
ADDITIONAL CATEGORIES OR OTHER PURPOSES
We will not collect additional categories of personal information or use personal information for materially different, unrelated, or incompatible purposes without providing notice. If required by law, we will seek consent before using personal information for a new or unrelated purpose. We will not collect additional categories of personal information or use personal information for materially different, unrelated, or incompatible purposes without providing notice. If required by law, we will seek consent before using personal information for a new or unrelated purpose.
We may collect, process, and disclose aggregated or deidentified consumer information for any purpose, without restriction. When we collect, process, or disclose deidentified information, we will maintain and use it in deidentified form and will not attempt to reidentify it, except to determine whether our deidentification processes satisfy applicable legal requirements.
DISCLOSING, SELLING, OR SHARING PERSONAL INFORMATION
BUSINESS PURPOSE DISCLOSURES
We may disclose the personal information we collect, including sensitive personal information, to service providers and contractors for the business purposes described in the “Personal Information Collection, Use, and Disclosure Purposes” section above, such as to support our insurance operations, claims administration, underwriting, billing, regulatory compliance, and business functions. For example, we may disclose information from your interactions with our website to cybersecurity providers to help secure our systems, payroll and employment information to premium audit vendors to verify classifications and wages, claim-related information to claims administrators and medical providers to evaluate and manage claims, or policyholder contact information to communication service providers to deliver notices.
We only make these business purpose disclosures under written contracts or legal obligations that describe the purposes, require the recipient to keep the personal information confidential where required by law, prohibit using the disclosed information for any purpose except performing the contract or as otherwise permitted by law, and meet the CCPA’s requirements for engaging service providers or contractors.
The list below identifies the personal information categories we disclosed to service providers or contractors for a business purpose over the preceding 12 months and the specific business or commercial purposes for disclosing that information:
- Identifiers to insurance agents, brokers, and service providers to underwrite, issue, service, and administer insurance policies, maintain accounts, and communicate with consumers.
- California Customer Records information to payment processors, banks, auditors, and financial service providers to process payments, administer billing, and maintain financial records.
- Protected classification characteristics to claims administrators, adjusters, medical providers, and legal advisors where relevant to evaluate and administer workers’ compensation claims and comply with legal obligations.
- Commercial information to underwriting, actuarial, reinsurance, and insurance support organizations to evaluate risk, price policies, administer coverage, and manage insurance operations.
- Internet or other similar network activity to IT, cybersecurity, hosting, analytics, and website service providers to operate, secure, maintain, and improve our digital systems and detect fraud or security incidents.
- Geolocation data to security, fraud prevention, analytics, and operational service providers to support system integrity, claims handling, and business operations.
- Sensory data to customer service providers, claims administrators, investigators, and legal advisors to support call monitoring, claims handling, dispute resolution, and compliance.
- Professional or employment-related information to insured employers, auditors, claims administrators, and service providers to administer policies, conduct premium audits, evaluate claims, and comply with regulatory requirements.
- Inferences to actuarial, analytics, underwriting, fraud detection, and risk management service providers to evaluate risk, improve products, and support insurance operations.
- Sensitive personal information, including government identifiers and health information, to claims administrators, medical providers, regulators, legal advisors, and service providers where necessary to administer claims, comply with legal obligations, prevent fraud, and ensure security, and only for purposes permitted by the CCPA.
SELLING OR SHARING PERSONAL INFORMATION
We do not sell personal information for monetary consideration. We have not sold personal information in the preceding 12 months.
We may share personal information for cross-context behavioral advertising if our website or digital services use cookies, pixels, analytics tags, advertising technologies, or similar technologies that disclose identifiers or internet or other similar network activity to third parties for targeted advertising across businesses, websites, applications, or services. In the preceding 12 months, we may have shared identifiers and internet or other similar network activity with advertising networks, analytics providers (such as Google), search engines, social media platforms, or similar digital advertising partners for purposes of analytics, advertising measurement, and cross-context behavioral advertising. These third parties may independently collect, use, and disclose information about your interactions with our website or other websites and services in accordance with their own privacy policies. We do not control these third parties’ data practices. For more information about how these third parties process your information, you should review their applicable privacy policies.
We do not knowingly sell or share personal information of consumers under 16 years of age.
YOUR RIGHTS AND CHOICES
If you are a California resident, the CCPA grants you the following rights regarding your personal information, subject to certain exceptions and limitations.
RIGHT TO KNOW AND DATA PORTABILITY REQUESTS
You have the right to request that we disclose certain information to you about our collection and use of your personal information, including the specific pieces of personal information we have collected about you. Our response will cover the 12-month period preceding the request, although we will honor requests to cover longer periods that do not extend past January 1, 2022, unless doing so would be impossible or involve disproportionate effort. You may exercise your right to know twice in any 12-month period. Once we receive your request and confirm your identity, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources from which we collected your personal information.
- The business or commercial purpose for collecting, selling, or sharing your personal information, if applicable.
- The categories of persons, including third parties, to whom we disclosed your personal information, including separate disclosures identifying the categories of personal information disclosed for a business purpose and, if applicable, sold or shared.
- A copy of your personal information, subject to permitted redactions, where your request includes a data portability request.
RIGHT TO DELETE AND RIGHT TO CORRECT
You have the right to request that we delete personal information that we collected from you and retained, subject to certain exceptions and limitations. Once we receive your request and confirm your identity, we will delete your personal information from our systems unless an exception allows or requires us to retain it. We will also notify our service providers and contractors to take appropriate action where required by law.
You also have the right to request correction of personal information we maintain about you that you believe is inaccurate. We may require documentation, if needed, to confirm your identity and support your claim that the information is inaccurate. Unless an exception applies, we will correct personal information that our review determines is inaccurate and notify service providers and contractors to take appropriate action where required by law.
RIGHT TO LIMIT SENSITIVE PERSONAL INFORMATION USE AND DISCLOSURE
You have a right to ask businesses that use or disclose sensitive personal information for purposes other than the CCPA’s Permitted SPI Purposes to limit that use or disclosure. Because we do not use or disclose sensitive personal information beyond the Permitted SPI Purposes, we do not currently provide a right to limit sensitive personal information.
PERSONAL INFORMATION SALES OR SHARING OPT-OUT AND OPT-IN RIGHTS
You have the right to direct a business that sells or shares your personal information to stop selling or sharing that information, including through a user-enabled opt-out preference signal. We do not sell personal information. If we share personal information for cross-context behavioral advertising, you may opt out by using the methods described below.
AUTOMATED DECISION-MAKING TECHNOLOGY RIGHTS
We do not currently use automated decision-making technology to make significant decisions about consumers within the meaning of applicable CCPA regulations. Accordingly, we do not currently provide automated decision-making technology access, opt-out, or appeal rights. If we begin using automated decision-making technology in a manner that triggers CCPA rights, we will provide any required pre-use notices and rights mechanisms.
RIGHT TO NON-DISCRIMINATION
You have the right not to be discriminated or retaliated against for exercising any of your privacy rights under the CCPA.
HOW TO EXERCISE YOUR RIGHTS
EXERCISING THE RIGHTS TO KNOW, DELETE, OR CORRECT
To exercise the right to know, delete, or correct described above, please submit a verifiable request to us by either:
- Calling us toll-free at (877) 625-6566
- Emailing us at privacy@carewestins.com
- Mailing a request to: Care West Insurance Company, Attn: Privacy, 2521 Warren Drive Ste. B, Rocklin, CA 95677.
Please describe your request with sufficient detail so we can properly understand, evaluate, and respond to it. You or your authorized agent may only submit a request to know, including for data portability, twice in a 12-month period.
EXERCISING THE RIGHT TO OPT-OUT OF SALE OR SHARING
Because we do not sell personal information, we do not provide an opt-out mechanism for sales. If we share personal information for cross-context behavioral advertising, you may submit an opt-out request by:
- Calling us toll-free at (877) 625-6566
- Emailing us at privacy@carewestins.com
We will process opt-out preference signals to the extent required by the CCPA and applicable regulations. If we cannot reasonably associate an opt-out preference signal with your account or other information, we will apply the signal to the browser, device, or identifier through which the signal is received.
VERIFICATION PROCESS AND AUTHORIZED AGENTS
Only you, or someone legally authorized to act on your behalf, may make a request to know, delete, or correct related to your personal information. To designate an authorized agent, you or your authorized agent may submit proof of authorization by contacting us through the methods above. We may require you to verify your identity directly with us and confirm that you provided the authorized agent permission to submit the request.
We cannot respond to your request to know, delete, or correct if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in the request to verify the requester’s identity or authority, maintain records of the request, and comply with the request.
For requests to opt out of sale or sharing, we ask for only the information necessary to complete the request, which may include, for example, name, email address, account username, browser or device information, or other information reasonably necessary to process the request.
RESPONDING TO REQUESTS TO KNOW, DELETE, OR CORRECT
We will confirm receipt of your request within 10 business days. We endeavor to substantively respond to a verifiable request within 45 days of receipt. If we require more time, up to another 45 days, we will inform you of the reason and extension period in writing.
Our substantive response will tell you whether or not we have complied with your request. If we cannot comply with your request in whole or in part, we will explain the reason, subject to any legal or regulatory restrictions. Applicable law may allow or require us to refuse access to some or all personal information, or we may have destroyed, deleted, or deidentified personal information in compliance with records retention policies and obligations.
For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to a verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine a fee is warranted, we will tell you why and provide a cost estimate before completing the request.
RESPONSE AND TIMING ON OPT-OUT REQUESTS
In response to a request to opt out of sale or sharing, we will process the request as soon as feasibly possible, but no later than 15 business days from the date we receive the request. You do not need to create an account with us to exercise opt-out rights. We will use personal information provided with an opt-out request only to comply with the request and maintain records of the request.
We may deny an opt-out request if we have a good-faith, reasonable, and documented belief that the request is fraudulent. If we deny a request on that basis, we will explain the denial to the requester.
HOW WE PROTECT YOUR PERSONAL INFORMATION
We use reasonable administrative, physical, and technical safeguards designed to protect personal information from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. We restrict access to personal information to employees, agents, service providers, contractors, and other parties who need the information to provide insurance products and services, administer claims, manage our business, or comply with legal obligations.
No website, portal, system, electronic storage, email, online service, or method of transmission over the Internet is completely secure. We cannot guarantee that personal information transmitted to, from, or through our websites, portals, email, or other electronic communications will remain secure at all times. Any transmission of personal information is at your own risk.
PRIVACY POLICY CHANGES
We reserve the right to update this Privacy Policy at any time, including as we continue to develop our compliance program in response to legal developments, operational changes, or changes in our privacy practices. If we make material changes to this Privacy Policy, we will update the effective date and post the updated Privacy Policy on our website or otherwise provide notice as required by law. We encourage you to review this Privacy Policy periodically.
CONTACT INFORMATION
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use personal information, your choices and rights regarding such use, or if you wish to exercise your rights under California law, please contact us at:
- Phone: (877) 625-6566
- Email: privacy@carewestins.com
- Website: https://carewestins.com/contact-us/
- Postal Address: Care West Insurance Company Attn: Privacy 2521 Warren Drive Ste. Rocklin, CA 95677
If you need to access this Privacy Policy in an alternative format due to a disability, please contact us at privacy@carewestins.com or (877) 625-6566.